mvt/tests/artifacts/generate_stix.py

import os

from stix2.v21 import (Indicator, Malware, Relationship, Bundle)

def generate_test_stix_file(file_path):
    if os.path.isfile(file_path):
        os.remove(file_path)

    domains = ["example.org"]
    processes = ["Launch"]
    emails = ["foobar@example.org"]
    filenames = ["/var/foobar/txt"]

    res = []
    malware = Malware(name="TestMalware", is_family=False, description="")
    res.append(malware)
    for d in domains:
        i = Indicator(indicator_types=["malicious-activity"], pattern="[domain-name:value='{}']".format(d), pattern_type="stix")
        res.append(i)
        res.append(Relationship(i, 'indicates', malware))

    for p in processes:
        i = Indicator(indicator_types=["malicious-activity"], pattern="[process:name='{}']".format(p), pattern_type="stix")
        res.append(i)
        res.append(Relationship(i, 'indicates', malware))

    for f in filenames:
        i = Indicator(indicator_types=["malicious-activity"], pattern="[file:name='{}']".format(f), pattern_type="stix")
        res.append(i)
        res.append(Relationship(i, 'indicates', malware))

    for e in emails:
        i = Indicator(indicator_types=["malicious-activity"], pattern="[email-addr:value='{}']".format(e), pattern_type="stix")
        res.append(i)
        res.append(Relationship(i, 'indicates', malware))

    bundle = Bundle(objects=res)
    with open(file_path, "w+") as f:
        f.write(bundle.serialize(pretty=True))


if __name__ == "__main__":
    generate_test_stix_file("test.stix2")
    print("test.stix2 file created")
First test structure 2021-12-16 11:50:12 +00:00			`import os`
Update test PR to work with latest code, fix flake8 2022-01-07 16:03:53 +00:00
			`from stix2.v21 import (Indicator, Malware, Relationship, Bundle)`
First test structure 2021-12-16 11:50:12 +00:00
Generate stix2 for each test run 2022-01-07 16:51:21 +00:00			`def generate_test_stix_file(file_path):`
			`if os.path.isfile(file_path):`
			`os.remove(file_path)`
First test structure 2021-12-16 11:50:12 +00:00
			`domains = ["example.org"]`
			`processes = ["Launch"]`
			`emails = ["foobar@example.org"]`
			`filenames = ["/var/foobar/txt"]`

			`res = []`
			`malware = Malware(name="TestMalware", is_family=False, description="")`
			`res.append(malware)`
			`for d in domains:`
			`i = Indicator(indicator_types=["malicious-activity"], pattern="[domain-name:value='{}']".format(d), pattern_type="stix")`
			`res.append(i)`
			`res.append(Relationship(i, 'indicates', malware))`

			`for p in processes:`
			`i = Indicator(indicator_types=["malicious-activity"], pattern="[process:name='{}']".format(p), pattern_type="stix")`
			`res.append(i)`
			`res.append(Relationship(i, 'indicates', malware))`

			`for f in filenames:`
			`i = Indicator(indicator_types=["malicious-activity"], pattern="[file:name='{}']".format(f), pattern_type="stix")`
			`res.append(i)`
			`res.append(Relationship(i, 'indicates', malware))`

			`for e in emails:`
			`i = Indicator(indicator_types=["malicious-activity"], pattern="[email-addr:value='{}']".format(e), pattern_type="stix")`
			`res.append(i)`
			`res.append(Relationship(i, 'indicates', malware))`

			`bundle = Bundle(objects=res)`
Generate stix2 for each test run 2022-01-07 16:51:21 +00:00			`with open(file_path, "w+") as f:`
First test structure 2021-12-16 11:50:12 +00:00			`f.write(bundle.serialize(pretty=True))`
Update test PR to work with latest code, fix flake8 2022-01-07 16:03:53 +00:00
Generate stix2 for each test run 2022-01-07 16:51:21 +00:00
			`if __name__ == "__main__":`
			`generate_test_stix_file("test.stix2")`
First test structure 2021-12-16 11:50:12 +00:00			`print("test.stix2 file created")`